Hi All!
Does anyone know where I enter the settings for my web proxy server, as
I don't appear to have/can't find a nessus-fetch.rc file, as detailed
below, which is where I am supposed to enter these settings, according
to the man(ual) page for nessus-fetch.
Do I have to create the nessus-fetch.rc myself, and if so, how do I do
it (beginner's guide!), and where do I put it - and how?!
Any help, for this Linux newbie, gratefully received! :-)
BB
P.s. I'm logged-in as root
_____________________________________________
From: Brendan Bush
Sent: Monday, 24 April, 2006 13:36
To: 'nessus@list.nessus.org'
Subject: Nessus Update Plugins?
Hi!
I'm a relative newbie to Linux but have been given the task to undertake
the installation of Nessus on a laptop to use as a machine to test for
vulnerabilities on servers.
I've installed RedHat 9 (including latest updates) on a Toshiba
Satellite Pro 6100 (Pentium 4, 1700MHz CPU) with 512MB RAM, and then
installed Nessus 2.2.7 (via the source code, as I couldn't get the
installer to work.)
I've created a user for the Nessus client, but I can't get the Update
Plugins to install automatically.
The Nessus web site says, for a manual update to the plugins, you need
to register and then follow the instructions in the e-mail you are sent,
which tells you to execute the following command:
/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx
I've tried this but this gives the output: "bash:
/opt/nessus/bin/nessus-fetch: No such file or directory", as there is
nothing in the /opt/ folder!
There are, though, copies of 'nessus-fetch' in /usr/local/bin/ &
/root/nessus-core/nessus-fetch/
If I try swapping these locations into the command to execute, above, I
still get, though:
"could not connect to plugins.nessus.org - Operation now in progress"
And nothing happens.
I can download the "all-2.0.tar.gz" file and extract it though, but
don't know where to put the "*.nasl" files that come from it! (That's if
it's actually possible to configure the software/updates this way!?
I did then try typing-in:
"/root/nessus-core/nessus-fetch/ --plugins"
And I got the output:
"Could not locally open all-2.0.ta.gz - file exists"!
We run a proxy server, though you don't have to log-in to get to the
Internet. I've got the Mozilla browser configured, that comes with
RedHat, with the Manual proxy configuration for our proxy server and
port (under 'Edit' > 'Preferences' > 'Advanced' > 'Proxies') for HTTP,
SSL, FTP, Gopher & SOCKS (v.5), and have also configured the 'Network
Proxy', under 'Preferences' (in RedHat), manually with the same settings
as in the browser.
I've come across the file, "nessus-update-plugins.8", at:
/root/nessus-plugins/docs/ which says, under 'PROXIES', "If you are
behind a web proxy, then read the manual page of nessus-fetch to
configure nessus-fetch with a proper proxy support."
I've found "nessus-fetch.1", of manual page type, and gone down to the
"PROXY SUPPORT" section, where it says,
"If you need to connect to the internet through a proxy, nessus-fetch
can be configured to use one. Simply edit the file
nessus-fetch.rc
and add the following lines, changing the appropriate values where
necessary:
proxy=192.169.0.1
proxy_port=3128
proxy_username=renaud
Proxy_password=s3cr3t"
Unfortunately I cannot find a "nessus-fetch.rc" file, though I did find
a 'nessus-fetch.c' file located at:
/root/nessus-core/nessus-fetch/
Though not sure of any definite place within this file that could be
edited with the above text!
Help!!! Can anyone advise me how I can get this set-up to update the
plugins automatically, or, if not, where I might be able to place the
NASL files/plugins/updates I've already extracted?
Thanks! I'm in a bit of a rush for this! Need it sorted by the end of
the afternoon, if possible!!!!!
Brendan B.
Brendan BUSH - WAO ICT/ Adran TGaCh SAC
Research & Development Officer/ Swyddog Ymchwil a Datblygiad
Deri House, 2-4, Park Grove, CARDIFF, CF10 3PA.
E-mail/E-bost: Brendan.Bush@wao.gov.uk
Tel. no./Rhif. ffon.: (029) 2026-2635
Mob. no./Rhif symudol.: 07779 625536
This email and any attached files are private. If you are not the intended
recipient please destroy all copies and inform the sender by return e-mail.
This message has been scanned for viruses by BlackSpider MailControl.
For further information on the Wales Audit Office and details of other ways to
contact us please visit our website at www.wao.gov.uk.
Mae?r ebost hwn ac unrhyw ffeiliau atodedig yn breifat. Os nad atoch chi y
bwriadwyd anfon yr ebost hwn dylech ddinistrio pob copi a hysbysu?r anfonwr
drwy anfon ebost yn ôl atynt.
Mae?r neges hon wedi cael ei harchwilio am firysau gan BlackSpider MailControl
I gael gwybodaeth bellach am Swyddfa Archwilio Cymru a manylion am ffyrdd
eraill o gysylltu â ni, ewch i?n gwefan.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
